Information security is top of mind for most businesses today. Not only do they have to worry about increasingly sophisticated and motivated hackers, they also have to worry about their own staff, and data loss through either carelessness or malice.
Should a security event occur, and customer data be lost or exposed, the damage to the business goes way beyond the financial. Damage to a company’s reputation can be catastrophic. Loss of confidence and trust can see a business closing its doors.
This has seen the rise of the chief information security officer (CISO) whose job it is to oversee and manage current and future security – from internal tools and solutions to implementing new security standards, explains Louise Robinson, MD of CG Consulting.
The CISO’s role is a busy one. He or she will make all decisions concerning the information security products and services the business chooses to implement, and will have the final say on all security-related purchases. However, reaching the CISO is difficult at the best of times.
According to Robinson, security is much like insurance. “No company can afford to be without it, but it is still a grudge purchase for most organisations. After all, security solutions don’t help the business to profit, nor do they help it run more efficiently. They don’t boost innovation, or add to the bottom line in any way. They are there to prevent the worst case scenario.”
She says most savvy companies take security seriously, and allocate a fair amount of the budget towards bolstering the organisation’s security posture. However, some businesses still battle to justify spending on these products and services.
“Many companies jump on the security bandwagon because it’s the ‘next big thing’ and if their competitors are buying these solutions, they must too. They don’t really understand the issues, and buy a mishmash of products without really knowing what is needed for their defence, or how these solutions work together.”
Other organisations fall prey to scaremongering. “They hear about a major outbreak such as the WannaCry ransomware, get into a panic, and quickly buy the ‘latest and greatest’ tools that are offered to them. Or they might up their security investments in the aftermath of a minor incident, because there’s nothing like a breach to act as a wake-up call. No company is anxious to read about itself and its insufficient security measures in the papers.”
Some businesses invest in information security as a means of remaining compliant, and not falling foul of legal regulations. “Today’s businesses that suffer a breach, and are found to not have adequate security measures in place, are in major trouble. Massive fines and expensive lawsuits are only the tip of the iceberg. The consequences can be disastrous, and can close a business for good.”
Any business in the security game needs to communicate to the CISO that its solutions cost infinitely less than a data breach. But how does it reach these high-level executives?
According to Robinson, this is where a database partner comes in. “A good partner will be able to provide the details of all high-level executives in target organisations, or just lists of C-level targets across a range of industries if that’s what the client needs. To sell your product, you have to speak to the right person from the start, which is why we ensure our comprehensive list of African CIOs is always up to date. The CISO lives and breathes security, and will know what products and solutions are a good fit for his organisation, so all you need is a foot in the door.”